@@ -186,6 +186,7 @@ func validateGenericSeed(persoBlob *ate.PersoBlob, expectedSeedSize int) error {
186186}
187187
188188type flags struct {
189+ SkipValidation bool
189190 DiceLeaf string
190191 DiceICA string
191192 ExtICA string
@@ -197,6 +198,7 @@ type flags struct {
197198}
198199
199200func parseFlags () * flags {
201+ skipValidation := flag .Bool ("skip-validation" , false , "If true, will only parse records and skip cert validation." )
200202 diceCertLeaf := flag .String ("dice-leaf" , "" , "DICE cert leaf: UDS, CDI_0 or CDI_1. Required." )
201203 diceICA := flag .String ("dice-ica" , "" , "Path to the DICE ICA certificate file. Required." )
202204 extICA := flag .String ("ext-ica" , "" , "Path to the external ICA certificate file. Optional." )
@@ -215,7 +217,11 @@ func parseFlags() *flags {
215217 }
216218
217219 if * diceCertLeaf == "" || * diceICA == "" || * rootCA == "" {
218- log .Fatalf ("Error: -dice-leaf, -dice-ica, and -root-cert flags are required." )
220+ if * skipValidation {
221+ log .Print ("-skip-validation set to true, will skip verifying cert flags are not empty" )
222+ } else {
223+ log .Fatal ("Error: -dice-leaf, -dice-ica, and -root-cert flags are required." )
224+ }
219225 }
220226
221227 switch * diceCertLeaf {
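Review bot: With `-skip-validation` set, an empty `*diceCertLeaf` now falls through to the `switch *diceCertLeaf` on the last line of this hunk, and nothing in the added branch handles that value. The switch cases lie outside the hunk, so it is not visible whether an empty leaf is accepted or rejected there; if it is rejected, the flag cannot be used without `-dice-leaf`. The bypass is also all-or-nothing, so a partially supplied set (for example `-dice-ica` without `-root-cert`) passes silently. Consider logging which of the three flags are empty, and guarding the switch with `if *diceCertLeaf != "" || !*skipValidation { ... }` so the parse-only path is explicit.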
@@ -225,6 +231,7 @@ func parseFlags() *flags {
225231 }
226232
227233 return & flags {
234+ SkipValidation : * skipValidation ,
228235 DiceLeaf : * diceCertLeaf ,
229236 DiceICA : * diceICA ,
230237 ExtICA : * extICA ,
@@ -392,15 +399,19 @@ func main() {
392399 log .Fatalf ("Error parsing registry record: %v" , err )
393400 }
394401
395- diceICABytes , err := utils .ReadFile (flags .DiceICA )
396- if err != nil {
397- log .Fatalf ("Failed to read DICE ICA certificate file: %v" , err )
398- }
399- diceICAPemBytes , err := possiblyConvertToPEM (diceICABytes )
400- if err != nil {
401- log .Fatalf ("Failed to convert DICE ICA certificate to PEM: %v" , err )
402+ // This flag will always be set unless flags.SkipValidation is true.
403+ if flags .DiceICA != "" {
404+ diceICABytes , err := utils .ReadFile (flags .DiceICA )
405+ if err != nil {
406+ log .Fatalf ("Failed to read DICE ICA certificate file: %v" , err )
407+ }
408+ certs .diceICA = append (certs .diceICA , cert {id : flags .DiceICA , data : string (diceICABytes )})
409+ diceICAPemBytes , err := possiblyConvertToPEM (diceICABytes )
410+ if err != nil {
411+ log .Fatalf ("Failed to convert DICE ICA certificate to PEM: %v" , err )
412+ }
413+ certs .diceICA = append (certs .diceICA , cert {id : flags .DiceICA , data : string (diceICAPemBytes )})
402414 }
403- certs .diceICA = append (certs .diceICA , cert {id : flags .DiceICA , data : string (diceICAPemBytes )})
404415
405416 if flags .ExtICA != "" {
406417 extICABytes , err := utils .ReadFile (flags .ExtICA )
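Review bot: New line 408 appends `cert{id: flags.DiceICA, data: string(diceICABytes)}` before the PEM conversion, and new line 413 appends the converted bytes again, so `certs.diceICA` now holds two entries for the same id where the old code stored only the PEM one. This looks like a leftover line rather than an intended change; the code that consumes `certs.diceICA` is outside the hunk, but if it takes the first entry or writes each entry to `diceICAFilename`, the unconverted bytes may be what later gets verified against. I would drop line 408 and keep only the append after `possiblyConvertToPEM`. The comment above the `if` would also read better as `// DiceICA may be empty only when -skip-validation is set (see parseFlags).`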
@@ -443,6 +454,10 @@ func main() {
443454 if err := writeFile (diceLeafFilename , []byte (cert .data )); err != nil {
444455 log .Fatalf ("failed to write DICE leaf certificate: %v" , err )
445456 }
457+ if flags .SkipValidation {
458+ log .Printf ("Skipping validation for DICE cert %q because --skip-validation is set to true" , cert .id )
459+ continue
460+ }
446461 if err := verifyCertificate (flags .RootCA , diceICAFilename , diceLeafFilename , true ); err != nil {
447462 log .Fatalf ("failed to verify DICE leaf certificate: %v" , err )
448463 }
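Review bot: When `flags.SkipValidation` is set, the leaf certificate has already been written to `diceLeafFilename` before the `continue`, so the run can exit 0 with unverified certificates on disk that are indistinguishable from verified output except for a per-cert log line. The same pattern is repeated for the external leaf at new line 472. Since callers or scripts may treat a clean exit as "chain verified", it would be safer to make the unverified state hard to miss, for example a single closing `log.Print("WARNING: certificate chain validation was skipped; written certificates are UNVERIFIED")` before main returns, and to say in the flag's help text that certificates are still written. The messages also spell the flag `--skip-validation` while parseFlags logs `-skip-validation`; pick one form. The enclosing loops start and end outside these hunks.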
@@ -454,6 +469,10 @@ func main() {
454469 if err := writeFile (extLeafFilename , []byte (cert .data )); err != nil {
455470 log .Fatalf ("failed to write external leaf certificate: %v" , err )
456471 }
472+ if flags .SkipValidation {
473+ log .Printf ("Skipping validation for EXT cert %q because --skip-validation is set to true" , cert .id )
474+ continue
475+ }
457476 if err := verifyCertificate (flags .RootCA , extICAFilename , extLeafFilename , false ); err != nil {
458477 log .Fatalf ("failed to verify external leaf certificate: %v" , err )
459478 }